fix: add Dependabot coverage for webapp/backend and webapp/frontend #102

@danielmeppiel

The dependabot.yml config monitors / and /vscode-extension for npm updates, but webapp/backend and webapp/frontend are not covered. Their package-lock.json files will not receive automated vulnerability PRs.

Fix

Add to .github/dependabot.yml:

- package-ecosystem: npm
  directory: /webapp/backend
  schedule:
    interval: weekly
  open-pull-requests-limit: 5
  groups:
    dev-dependencies:
      dependency-type: development
    production-dependencies:
      dependency-type: production

- package-ecosystem: npm
  directory: /webapp/frontend
  schedule:
    interval: weekly
  open-pull-requests-limit: 5
  groups:
    dev-dependencies:
      dependency-type: development

Context

Introduced by PR #90 (webapp). The webapp ships Express, Helmet, and other production dependencies that need vulnerability monitoring.
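A check for this kind of coverage gap, added here as an example and not part of the original issue or the project's code: it lists every directory holding a package.json that has no npm entry in dependabot.yml. The function names, the minimal line-based config parser and the constructed sample repository are assumptions made for the illustration.

```python
import os
import re
import tempfile

def covered_npm_dirs(config_text):
    """npm directories in dependabot.yml. Minimal line parser: assumes each entry
    opens with '- package-ecosystem:' or '- directory:' (singular key), as in the issue."""
    entries = []
    for line in config_text.splitlines():
        m = re.match(r"^\s*(-\s+)?([\w-]+):\s*(.*)$", line)
        if not m or m.group(2) not in ("package-ecosystem", "directory"):
            continue
        if m.group(1):  # a leading dash opens a new update entry
            entries.append({})
        if entries:
            entries[-1][m.group(2)] = m.group(3).split("#")[0].strip().strip("'\"")
    return {"/" + e["directory"].strip("/") for e in entries
            if e.get("package-ecosystem") == "npm" and "directory" in e}

def npm_manifest_dirs(repo_root):
    found = set()
    for dirpath, dirnames, filenames in os.walk(repo_root):
        # Prune vendored and VCS trees so installed packages are not reported.
        dirnames[:] = [d for d in dirnames if d not in {"node_modules", ".git"}]
        if "package.json" in filenames:
            rel = os.path.relpath(dirpath, repo_root).replace(os.sep, "/")
            found.add("/" if rel == "." else "/" + rel)
    return found

def uncovered_dirs(repo_root, config_text):
    return sorted(npm_manifest_dirs(repo_root) - covered_npm_dirs(config_text))

# Constructed sample: the pre-fix coverage described in the issue.
SAMPLE_CONFIG = """\
updates:
  - package-ecosystem: npm
    directory: /
  - package-ecosystem: npm
    directory: /vscode-extension
"""

def demo():
    with tempfile.TemporaryDirectory() as root:
        for sub in ("", "vscode-extension", "webapp/backend", "webapp/frontend"):
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            open(os.path.join(root, sub, "package.json"), "w").close()
        return uncovered_dirs(root, SAMPLE_CONFIG)

if __name__ == "__main__":
    print(demo())
```

Run in CI against the real checkout and config file, a non-empty result can fail the build so a newly added package directory cannot ship without update monitoring.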
